Auto Updating #668

Closed
hacdias opened this issue Oct 15, 2018 · 8 comments

@hacdias
Member

hacdias commented Oct 15, 2018

The new IPFS Desktop version must support seamless auto updating of itself and auto updating of its go-ipfs/js-ipfs binaries.

  • Updating IPFS Desktop: we can use the instructions on Electron Builder's Auto Update page which can be easily integrated with GitHub releases.
  • Updating Go IPFS/JS IPFS: maybe fetching some page to check if there is a newer version available and then downloading the binaries.
    • Should the initial IPFS Desktop binary contain a version already? Or should we download the binary the first time the app runs?

/cc @ipfs-shipyard/gui

@hacdias hacdias added the revamp label Oct 15, 2018
@hacdias hacdias changed the title chore: auto updating [Revamp] Auto Updating Oct 15, 2018
@lidel
Member

lidel commented Oct 17, 2018

> we can use the instructions on Electron Builder's Auto Update page which can be easily integrated with GitHub releases.

I've been thinking about this a bit and for the first iteration we should be okay-ish with using a third party HTTP update tracker if we do our own, additional validation on top of what is provided there.

For example, before we execute a downloaded update, we should verify its checksum against a checksum published at http://dist.ipfs.io and signed by a known PGP pubkey hardcoded in ipfs-desktop, or a similar measure. Note: we don't have that yet. I created a PR for adding checksum files in ipfs/distributions#199; we need to merge that and add PGP signing on top of that
(cc'd @ipfs-shipyard/dx if there are better ways than PGP that I don't see)

Rationale: there is no canonical "code signing" body for Linux and we should not assume signing solutions provided by Apple or Microsoft are trustworthy: exhibit A, exhibit B 👌 🙃

In the future (or if above requires a lot of custom code), we should use IPFS itself for tracking updates. Given a determined adversary, HTTP servers are easy to censor and block security updates from reaching vulnerable users.

> Should the initial IPFS Desktop binary contain a version already?
> Or should we download the binary the first time the app runs?

I think the user expects it to "just work" after install, so it would be a better UX to bundle it with ipfs-desktop.
That being said, it is not a deal breaker and the first iteration of revamp can download it on first install, but if we do that, ipfs-desktop has to ship with a hardcoded checksum of go-ipfs binaries and verify it after download.

@hacdias hacdias added this to the v1.0 milestone Oct 18, 2018
@hacdias hacdias changed the title [Revamp] Auto Updating Auto Updating Oct 18, 2018
@hacdias hacdias removed the revamp label Oct 18, 2018
@hacdias
Member Author

hacdias commented Dec 5, 2018

Just as an update: According to Electron Builder's Auto Update page, they only support auto-update for these three formats (one for each major platform):

  • macOS: DMG
  • Linux: AppImage
  • Windows: NSIS

@lidel
Member

lidel commented Dec 5, 2018

Sounds reasonable: most Linux distributions will want to maintain their own package and install it via their own package manager anyway.

@hacdias hacdias removed this from the v0.6 milestone Dec 21, 2018
@olizilla
Member

olizilla commented Jan 2, 2019

This was shipped in https://github.com/ipfs-shipyard/ipfs-desktop/releases/tag/v0.6.0

This is based just on GitHub releases and does include a sha512 integrity check...

```yaml
version: 0.6.0
files:
  - url: ipfs-desktop-0.6.0-mac.zip
    sha512: NBp6fI+8BMfeeg3rzwcCd8zVTycyFDBfm7Wzq3WVyo967YDNL5b1kcA/9Ox8zx1RO3xyiszb5Pn4FxadwFyb0g==
    size: 93457203
    blockMapSize: 97257
  - url: ipfs-desktop-0.6.0.dmg
    sha512: X912w635b2X0bGfdIexxDbMdk+PytmevNlEcaxoBBJNogkIRTnnAgGb6xrk7jGQSoQqAGVW1FVPcNohSN8DpCw==
    size: 96554502
path: ipfs-desktop-0.6.0-mac.zip
sha512: NBp6fI+8BMfeeg3rzwcCd8zVTycyFDBfm7Wzq3WVyo967YDNL5b1kcA/9Ox8zx1RO3xyiszb5Pn4FxadwFyb0g==
releaseDate: '2018-12-21T11:31:10.205Z'
```

see: the latest-osx.ym file in https://github.com/ipfs-shipyard/ipfs-desktop/releases/tag/v0.6.0

@lidel could you raise a separate issue for creating an independent IPFS based integrity check?
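
The two checks discussed in the comments above (a checksum verified after download, and the `sha512`/`size` fields of the release manifest), as an added example that is not part of the thread and is not ipfs-desktop or electron-builder code. The function names, the simplified manifest reader and the sample payload are constructed for illustration; `sha512` is treated as a base64-encoded SHA-512 digest, as in the manifest above.

```javascript
const crypto = require('node:crypto');

// Minimal reader for the `files:` list of the manifest layout shown above.
// Not a general YAML parser: handles only "- url:" items with flat keys.
function parseManifestFiles(text) {
  const files = [];
  let inFiles = false;
  for (const line of text.split(/\r?\n/)) {
    if (/^\S/.test(line)) { inFiles = line.startsWith('files:'); continue; }
    if (!inFiles) continue;
    const m = /^\s+(- )?(\w+):\s*(.+)$/.exec(line);
    if (!m) continue;
    if (m[1]) files.push({});
    if (files.length) files[files.length - 1][m[2]] = m[3].trim();
  }
  return files;
}

// True only if both the size and the SHA-512 digest match the expected entry.
function verifyDownload(buf, entry) {
  if (!entry || Number(entry.size) !== buf.length) return false;
  const expected = Buffer.from(String(entry.sha512), 'base64');
  if (expected.length !== 64) return false; // malformed or truncated digest
  const actual = crypto.createHash('sha512').update(buf).digest();
  return crypto.timingSafeEqual(actual, expected);
}

// Look the file up by name; an unlisted file is rejected, never skipped.
function checkAgainstManifest(buf, name, manifestText) {
  const entry = parseManifestFiles(manifestText).find((f) => f.url === name);
  return verifyDownload(buf, entry);
}

// Constructed sample: a stand-in payload and a manifest generated for it.
const payload = Buffer.from('constructed stand-in for an installer binary');
const digest = crypto.createHash('sha512').update(payload).digest('base64');
const manifest = [
  'version: 0.0.0-example',
  'files:',
  '  - url: example-app.zip',
  `    sha512: ${digest}`,
  `    size: ${payload.length}`,
  'path: example-app.zip',
  `sha512: ${digest}`,
].join('\n');

console.log(checkAgainstManifest(payload, 'example-app.zip', manifest));
```

For the hardcoded-checksum case, pass `verifyDownload` an object with pinned `sha512` and `size` values instead of a parsed manifest entry. A digest read from a manifest served by the same host as the binary only detects corruption or a mismatched upload, which is why the thread asks for a signed or independently published checksum on top.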

@hacdias
Member Author

hacdias commented Jan 3, 2019

@olizilla macOS auto updating won't work before #66


@hacdias
Member Author

hacdias commented Jan 3, 2019

Working on Windows


Exited the app and relaunched it and there was the new version 😄

@olizilla
Member

olizilla commented Jan 29, 2019

We've got a few open issues related to the electron-builder release and auto-update process:

There is this new regression where draft-releases aren't being created, and if we make one manually, then CI is unable to upload artefacts

Then there is the background desire to have an update mechanism that uses IPFS

@hacdias @lidel @fsdiogo we need to either prove to ourselves that the electron-builder update process can be made reliable, or we need to implement another mechanism, that we can make reliable.

Options:

@olizilla
Member

olizilla commented Jun 4, 2019

Auto updating via GitHub releases is working now. Releases marked as "pre-release" are excluded from auto-updates.
